Monday 30 July 2012

NetWire first Multi-platform RAT

NetWire claim to be the first Multi-platform RAT, it can generate output for Windows, Linux, Solaris and Mac OS X.
But the client work only in Windows.


Netwire team clashing DarkComet:

Safengine Licensor... :)

Allright, the disclaimer:

Main interface

Password generator feature:

Application proxifier:

Settings (General/Ports/Passwords):



Platform choice:

Windows profil:

Linux:

Solaris:

Mac OS X:

Server creation (General):

Server creation (Installation):

Server creation (Advanced):

Server build:

After opening servers:

Scree, capture/keylogger on linux:


Copy to %APPDATA% execute/close the current exe, add a startup entry

Writing Host.exe in %APPDATA%

Delete original file feature:

I don't know for other platform but the windows version is pretty easy to understand how it's work with a debugger.


The current version of Netwire (1.2.0.1) suffer of a bug on the Host ID lenght who can conduct to corrupted output for every platform



The password recovery feature can also crash the Host:


I've not tested/debuggd on Solaris and Mac OS X because i don't have both os and also the knowledge, anyway netwire seem pretty interesting.
I'm also curious to see the new project of DarkCoderSc.




Edit 31 Jul 2012:
Netwire 1.2.0.2 is out, fixing the Host ID bug who can produce corrupted Host.
I also got a mail from WorldWiredLabs about Dugidox, i've make a mistake.
The guys who advertised this on Hackforum was an affiliate of WorldWiredLabs but not from the WWL team.


14 comments:

  1. Can you reverse Solitude 1.2? Safengine too! :P
    http://www.cyber-software.org/

    ReplyDelete
  2. Why would steven work hard for crack safengine :)

    Also, i'm like :OO
    How the hell can HF guys make such rat, this need to be fake or it uses many third party applications.

    ReplyDelete
  3. if you have sample for OS X, I can take a look at it :)

    ReplyDelete
  4. lol @ password generator feature.

    ReplyDelete
  5. fake. i doubt any of these features work on osx or linux. also the world class rats died years ago. this new age rat scene is filled with feds and skiddies.

    ur all way late to the party

    ReplyDelete
  6. It's real. Dugidox gave me a copy when he was first developing it. It runs on FreeBSD as well since the Linux binary is an ELF binary (but fails to run in a jail). It's the first RAT to actually impress me, though. I like how you can compile the server in different language arrays, as well.

    ReplyDelete
  7. It's real,and it's not from HF.If you read what is written in the mails Steven received,the guy who was selling it on HF(dugidox) was fired.

    ReplyDelete
  8. Love Netwire ..... Using Pro of it .... it Rocks

    ReplyDelete
  9. He's still Selling it on HF tho.

    ReplyDelete
  10. so can we get a free copy, or should we pay for.

    ReplyDelete
  11. How in the world did you crack safengine? Any pointers? D:

    ReplyDelete
  12. No , this rat is so closed and protected as polar bear. There is only official DEMO on their site , so freewares like NJ Rat , of JRat are much much better than this , for NJ Rat , to get SC , just contact author and for JRat , go to their site and You'll get source for free , no any contact is needed. I have tried demo of NetWire on win 7 Ultimate , and , it wont even connect to local host ! :S Dark Comet was good and working , but cyber-gate , netwire and such made monopol on their products , for example , CG is protected in same manner as this one , so question is: Are they backdoored or something ? They are like BlackShades shit.

    ReplyDelete
    Replies
    1. u are right bro they backdoor prder

      Delete